Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-13013

ScriptException in Device ID flow on re-authentication


    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.0.0
    • Fix Version/s: 6.0.0
    • Component/s: scripting
    • Labels:
    • Target Version/s:
    • Needs backport:
    • Needs QA verification:
    • Functional tests:
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description


      Bug description

      The following error is being seen in Core Debug once re-authenticating in a chain using DeviceID modules and Device ID match seems to fail.

      org.forgerock.openam.scripting.ThreadPoolScriptEvaluator:04/27/2018 12:30:56:549 PM BST: Thread[http-nio-8080-exec-10,5,main]: TransactionId[7138dd7c-7591-42b4-8967-7765ce752362-178518]
      ERROR: Script terminated with exception
      java.util.concurrent.ExecutionException: javax.script.ScriptException: Can't find method java.util.HashMap.put(string,java.lang.Integer,number). (<Unknown source>#746) in <Unknown source> at line number 746 at column number 0
      	at java.util.concurrent.FutureTask.report(FutureTask.java:122)
      	at java.util.concurrent.FutureTask.get(FutureTask.java:192)
      	at org.forgerock.openam.scripting.ThreadPoolScriptEvaluator.evaluateScript(ThreadPoolScriptEvaluator.java:84)
      	at org.forgerock.openam.authentication.modules.scripted.Scripted.evaluateServerSideScript(Scripted.java:165)
      	at org.forgerock.openam.authentication.modules.scripted.Scripted.process(Scripted.java:143)
      	at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:1091)
      	at com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1289)
      	at sun.reflect.GeneratedMethodAccessor92.invoke(Unknown Source)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43

      How to reproduce the issue

      Latest build of AM:6.0.0  27th April

      NB: I have upgraded from last RC build- not a clean install.

      1. Setup a realm
      2. Setup a chain in realm and set as default for that realm

      • DataStore (Requisite) 
      • DeviceIdMatch (sufficient)
      • DeviceIdSave (Required/Requisite) to highlight failure

      3. Login initially as demo: Save device profile

      4. Logout and re-authenticate

      Expected behaviour
      Device ID Match module should be invoked : match and login should succeed.
      Current behaviour

      Login fails

      ScriptException is thrown in logs.

      In my test case  Device ID save also fails  : potentially due to NPE when trying to fetch device profile


      Work around


      Code analysis

      Possibly related to https://bugster.forgerock.org/jira/browse/OPENAM-12226

      There following was added to deviceidMatch-serverside.js script


      HashMap selectedProfile = new HashMap();
      selectedProfile.put("selectionCounter", java.lang.Integer.valueOf(parseInt(selectedProfile.get("selectionCounter")) + 1), 10);  <--
      selectedProfile.put("lastSelectedDate", java.lang.Long.valueOf(new Date().getTime()));`



      • Navigating to Global Services -> Scripting -> Secondary Configurations -> AUTHENTICATION_SERVER_SIDE -> Secondary Configurations -> EngineConfiguration -> Java class whitelist throws "Not Found Error" in UI





            • Assignee:
              rebecca.hayling Rebecca Hayling [X] (Inactive)
              jonthomas Jonathan Thomas
            • Votes:
              0 Vote for this issue
              2 Start watching this issue


              • Created: